A double-free vulnerability (CVE-2026-23868, CVSS 5.1) in the giflib library can lead to memory corruption when processing GIF images. The flaw affects Red Hat Enterprise Linux 10 systems, and Red Hat has issued an Important security update to address it. The advisory provides specific patched RPM packages (e.g., giflib-5.2.1-22.el10_1.1) for all supported architectures.
Red Hat Product Errata RHSA-2026:8858 - Security Advisory Issued: 2026-04-20 Updated: 2026-04-20 RHSA-2026:8858 - Security Advisory Overview Updated Packages Synopsis Important: giflib security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for giflib is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description giflib is a library for reading and writing gif images. Security Fix(es): giflib: Giflib: Double-free vulnerability leading to memory corruption (CVE-2026-23868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat CodeReady Linux Builder for x86_64 10 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le Red Hat CodeReady Linux Builder for ARM 64 10 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x Fixes BZ - 2446207 - CVE-2026-23868 giflib: Giflib: Double-free vulnerability leading to memory corruption CVEs CVE-2026-23868 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM giflib-5.2.1-22.el10_1.1.src.rpm SHA-256: d06b3d5027adca6323ff61ea161cf9fec3a165791c6093829d7e3c2217b3ca30 x86_64 giflib-5.2.1-22.el10_1.1.x86_64.rpm SHA-256: 32df127aa5d0a039b3be8c2bb7b433d6ed4549d02ee4677828e8e7e09c955c98 giflib-debuginfo-5.2.1-22.el10_1.1.x86_64.rpm SHA-256: 354e79c50b3badb480e19dacf6c53f69e1fade41bf398098d049ec51c9aa03c3 giflib-debugsource-5.2.1-22.el10_1.1.x86_64.rpm SHA-256: 845b3f1040ec0ad4e6b88e2a0b7b5e7ae5ad69eaf6ab60a738771f4e720fea4c giflib-utils-debuginfo-5.2.1-22.el10_1.1.x86_64.rpm SHA-256: 1427156a24ff6cad139a344d761eac81fdb239860869899b22904b0b7c846f85 Red Hat Enterprise Linux for IBM z Systems 10 SRPM giflib-5.2.1-22.el10_1.1.src.rpm SHA-256: d06b3d5027adca6323ff61ea161cf9fec3a165791c6093829d7e3c2217b3ca30 s390x giflib-5.2.1-22.el10_1.1.s390x.rpm SHA-256: 33efd26f20c4ff5470bd3959e3e18eac5d2b608e1a93b6379719b07ff7617e97 giflib-debuginfo-5.2.1-22.el10_1.1.s390x.rpm SHA-256: 5077f3c2b59feb9995eb1455d38abd989cdb1d6e18e441d54dde2de9f9a96b4a giflib-debugsource-5.2.1-22.el10_1.1.s390x.rpm SHA-256: 808036d90d80e38191b5f356b63b9e6a485904108c02ad0eac9bffe8be35b7df giflib-utils-debuginfo-5.2.1-22.el10_1.1.s390x.rpm SHA-256: 23bce88fc99670f8e9e93ef13057bbd85f29e011aec69d8fc8ac09843e093559 Red Hat Enterprise Linux for Power, little endian 10 SRPM giflib-5.2.1-22.el10_1.1.src.rpm SHA-256: d06b3d5027adca6323ff61ea161cf9fec3a165791c6093829d7e3c2217b3ca30 ppc64le giflib-5.2.1-22.el10_1.1.ppc64le.rpm SHA-256: 9fc1871922430f6d736dff2727f6b16e1c8108713e19d48eb2d0918511a21e61 giflib-debuginfo-5.2.1-22.el10_1.1.ppc64le.rpm SHA-256: b874dbe3e20ff64b936f9939537ee27f96bc0ebc9cb930a5996b4853e4da4da6 giflib-debugsource-5.2.1-22.el10_1.1.ppc64le.rpm SHA-256: 805f872d9ed1f66c55b2c16d5a3b7349c90d612bd021f01e844add5c9fd1b25a giflib-utils-debuginfo-5.2.1-22.el10_1.1.ppc64le.rpm SHA-256: 0a7947f1dbcfa4492a184552537703ca7eab20878751b4ea647f0d17d465e906 Red Hat Enterprise Linux for ARM 64 10 SRPM giflib-5.2.1-22.el10_1.1.src.rpm SHA-256: d06b3d5027adca6323ff61ea161cf9fec3a165791c6093829d7e3c2217b3ca30 aarch64 giflib-5.2.1-22.el10_1.1.aarch64.rpm SHA-256: 8b07933ebe18f054789f45b67522a17188a488068ac6bc22cb94a9890c1db82a giflib-debuginfo-5.2.1-22.el10_1.1.aarch64.rpm SHA-256: e9caa153054f2046fa2508d19c622daa14812c2a994b10eb875f4d3a632e67b6 giflib-debugsource-5.2.1-22.el10_1.1.aarch64.rpm SHA-256: 646d4dc7ece74c9bff2cedab21538da5aa4df51e0c1077a05bdcd792d495eab4 giflib-utils-debuginfo-5.2.1-22.el10_1.1.aarch64.rpm SHA-256: 348c2c8e075f7d06b618891470331c6a369c820cc0b5043f9855f952bbb3f0bd Red Hat CodeReady Linux Builder for x86_64 10 SRPM x86_64 giflib-debuginfo-5.2.1-22.el10_1.1.x86_64.rpm SHA-256: 354e79c50b3badb480e19dacf6c53f69e1fade41bf398098d049ec51c9aa03c3 giflib-debugsource-5.2.1-22.el10_1.1.x86_64.rpm SHA-256: 845b3f1040ec0ad4e6b88e2a0b7b5e7ae5ad69eaf6ab60a738771f4e720fea4c giflib-devel-5.2.1-22.el10_1.1.x86_64.rpm SHA-256: a19b651ea832d9531a048287912a3fbf5ff117a548aab7a7286551ffd5a2e8de giflib-utils-debuginfo-5.2.1-22.el10_1.1.x86_64.rpm SHA-256: 1427156a24ff6cad139a344d761eac81fdb239860869899b22904b0b7c846f85 Red Hat CodeReady Linux Builder for Power, little endian 10 SRPM ppc64le giflib-debuginfo-5.2.1-22.el10_1.1.ppc64le.rpm SHA-256: b874dbe3e20ff64b936f9939537ee27f96bc0ebc9cb930a5996b4853e4da4da6 giflib-debugsource-5.2.1-22.el10_1.1.ppc64le.rpm SHA-256: 805f872d9ed1f66c55b2c16d5a3b7349c90d612bd021f01e844add5c9fd1b25a giflib-devel-5.2.1-22.el10_1.1.ppc64le.rpm SHA-256: 7b62a12a522923ac87732fb2fe3c13f44ccf96223f3e5eca9f3bf43aafd4dcdd giflib-utils-debuginfo-5.2.1-22.el10_1.1.ppc64le.rpm SHA-256: 0a7947f1dbcfa4492a184552537703ca7eab20878751b4ea647f0d17d465e906 Red Hat CodeReady Linux Builder for ARM 64 10 SRPM aarch64 giflib-debuginfo-5.2.1-22.el10_1.1.aarch64.rpm SHA-256: e9caa153054f2046fa2508d19c622daa14812c2a994b10eb875f4d3a632e67b6 giflib-debugsource-5.2.1-22.el10_1.1.aarch64.rpm SHA-256: 646d4dc7ece74c9bff2cedab21538da5aa4df51e0c1077a05bdcd792d495eab4 giflib-devel-5.2.1-22.el10_1.1.aarch64.rpm SHA-256: 282712738ce05224391a14b99a1b93148a828405faeb3c6c02b813aae5b5ffbc giflib-utils-debuginfo-5.2.1-22.el10_1.1.aarch64.rpm SHA-256: 348c2c8e075f7d06b618891470331c6a369c820cc0b5043f9855f952bbb3f0bd Red Hat CodeReady Linux Builder for IBM z Systems 10 SRPM s390x giflib-debuginfo-5.2.1-22.el10_1.1.s390x.rpm SHA-256: 5077f3c2b59feb9995eb1455d38abd989cdb1d6e18e441d54dde2de9f9a96b4a giflib-debugsource-5.2.1-22.el10_1.1.s390x.rpm SHA-256: 808036d90d80e38191b5f356b63b9e6a485904108c02ad0eac9bffe8be35b7df giflib-devel-5.2.1-22.el10_1.1.s390x.rpm SHA-256: 311a4e958cbdd09d2af58e6b549f5c8c0d826b3ecf32dc03577229a326c44c3b giflib-utils-debuginfo-5.2.1-22.el10_1.1.s390x.rpm SHA-256: 23bce88fc99670f8e9e93ef13057bbd85f29e011aec69d8fc8ac09843e093559 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .